The corporate enterprise has a great deal of applications, systems, and data to maintain each day. To help maintain those assets, they bring performance management and capacity planning management in as a best practice and means of delivering a positive IT experience to the organization. The new tools of today tell more than just what is up and what is down, but degradation of service, API calls, and the list goes on. All good stuff.
There are a great deal of websites in our organization today. These websites are migrating from static pages to actual web based applications. Websites have always been that one off for most infrastructure teams, and they sure don't do much monitoring. Is it the forgotten front? The devices that use web sure are exploding, and there is big push from marketing and the business for a bigger, more advance web presence, so are we ready?
There are a few great tools out there to help monitor your web environment, like Gomaz, and OpNet. These 2 tools together can cover your entire environment and help you deliver a consistent positive experience. One of the problems I find is that we monitor but we don't take action of the results of the monitoring. No actionable items come out of the monitoring and that is a missed opportunity. If you are going to go through the effort and expense of monitoring your websites - and you are getting alerts to issues, make them actionable items. I recommend taking these alerts to Service Now and turn them into incident tickets, actionable items and get them resolved. Using a tool like Service Now gives you exposure to the issues, trending, problem management and integration to change management. Yes, change management for your web environment. This is not a static environment anymore, but quickly becoming an application environment. This environment needs standards, process, controls and some best practice.
One last recommendation, don't let your website development firm dictate or drive your web environment, infrastructure or process(s). They are interested in their 1 site they just developed and you paid significant money for. You are the holder of the big picture for the organization and you need to be the owner of your environment.
Keep it positive!
Scott Arnett
scott.arnett@charter.net
About Me
- Scott Arnett
- Scott Arnett is an Information Technology & Security Professional Executive with over 30 years experience in IT. Scott has worked in various industries such as health care, insurance, manufacturing, broadcast, printing, and consulting and in enterprises ranging in size from $50M to $20B in revenue. Scott’s experience encompasses the following areas of specialization: Leadership, Strategy, Architecture, Business Partnership & Acumen, Process Management, Infrastructure and Security. With his broad understanding of technology and his ability to communicate successfully with both Executives and Technical Specialists, Scott has been consistently recognized as someone who not only can "Connect the Dots", but who can also create a workable solution. Scott is equally comfortable playing technical, project management/leadership and organizational leadership roles through experience gained throughout his career. Scott has previously acted in the role of CIO, CTO, and VP of IT, successfully built 9 data centers across the country, and is expert in understanding ITIL, PCI Compliance, SOX, HIPAA, FERPA, FRCP and COBIT.
Tuesday, February 14, 2012
Friday, February 3, 2012
Cyber Security - Corporate America
I am attending a Cyber Security meeting with Homeland Security this Saturday. I continue to be active with their Cyber Security Unit. As attacks on corporate networks continue to escalate, we are seeing more and more instances of very sophisticated intrusions. The recent discovery of the breach of the U.S. Chamber of Commerce illustrates that these types of attacks will continue to progress in both their frequency and sophistication.
It is being reported that the U.S. Chamber might not have been the ultimate target but instead was potentially being used as a gateway to the networks of its members. What are you doing to protect your networks? What are your trusted business partners doing? Do you have a plan?
Corporate America has not always taken security serious. From healthcare to manufacturing - we have a security team on paper, but what about actions? They do provisioning, but what about monitoring, safeguards, and lock downs. Most corporations can't afford a large team of experts - but then hire it out as a service. Stop saying we have security and get security. It is ok to say no to employees, it is ok to take the best interest of the corporation into consideration. Do employees really need to get to web base email? Unsecure networks?
Cyber Attacks from foreign sources will increase. Not only do we need to be ready, but a plan that is tested, detailed and ready to respond to an attack. The infrastructure of our country is dependent on all users of the internet to take this serious. Corporate America - time to step up to the plate and take this serious, not next year, not tomorrow - TODAY.
Security is everyone's responsibility.
Keep it positive!
Scott Arnett
scott.arnett@charter.net
It is being reported that the U.S. Chamber might not have been the ultimate target but instead was potentially being used as a gateway to the networks of its members. What are you doing to protect your networks? What are your trusted business partners doing? Do you have a plan?
Corporate America has not always taken security serious. From healthcare to manufacturing - we have a security team on paper, but what about actions? They do provisioning, but what about monitoring, safeguards, and lock downs. Most corporations can't afford a large team of experts - but then hire it out as a service. Stop saying we have security and get security. It is ok to say no to employees, it is ok to take the best interest of the corporation into consideration. Do employees really need to get to web base email? Unsecure networks?
Cyber Attacks from foreign sources will increase. Not only do we need to be ready, but a plan that is tested, detailed and ready to respond to an attack. The infrastructure of our country is dependent on all users of the internet to take this serious. Corporate America - time to step up to the plate and take this serious, not next year, not tomorrow - TODAY.
Security is everyone's responsibility.
Keep it positive!
Scott Arnett
scott.arnett@charter.net
Thursday, February 2, 2012
SaaS Shopping Spree
I find it interesting reading articles, listening to webcast presentations from CEO's on how wonderful Software as a Service has really become. I ask myself - really? Do you find them out of touch as much as I do? Perhaps they are just listening to the SaaS salesman.
Software as a Service does have some value, don't get me wrong, there are some great solutions out there. Salesforce.com, Service Now, and the list goes on. So what is the problem you ask? Glad you ask, because in reality, there is a disconnect in the organization.
I have found many organizational users frustrated with IT because their support, service and attitude has gone down hill. Really? The business went and purchased a SaaS solution to meet a business need. IT is not involved, but also does not have the ability or capability to support this solution. The SaaS solution is a cloud based solution, that means servers, storage, user accounts, application support - all done by the SaaS partner. So when the user calls the service desk saying they are having issues with their application, and the service desk has to ask them to call the SaaS provider - there is the rub. Right? The user does not want a list of 30 SaaS provider help desk numbers to call, we have trained them for years to call 1 extension number for the service desk. Now IT says we can not help them, call someone else.
In addition, I hear many times over, the finger pointing starts. The SaaS says it is the network, the IT Team says it is the SaaS, and the list goes on. The user is caught in the middle, and they don't know if it is the application, the network, their desktop, or even how they are trying to use it. Now the frustration has hit the users of the organization.
Time for some process evaluation and how the organization is going to come back together, work together and solve these new challenges. Put a stop to the SaaS shopping spree and get some process in place on how as an organization you are going to support these new applications, how will they integrate into the environment, and remain secure. Many of these application need data from other sources internal to the organization or will provide data to other systems internal. That upstream and downstream integration into your data flows is key. In addition, figure out user provisioning, data leak prevention, and most important - user interaction. Help the users, if you can't answer the question, have a integrated service desk incident management system with your provider to open tickets on behalf of the user.
There are many organizational benefits to having great applications, including SaaS offerings. It is equally important to have these offerings integrated into the organziation as to minimize the impact to your user community. There is no room in today's tough business climate to have walls internal to the organization.
Keep it positive!
Scott Arnett
scott.arnett@charter.net
Software as a Service does have some value, don't get me wrong, there are some great solutions out there. Salesforce.com, Service Now, and the list goes on. So what is the problem you ask? Glad you ask, because in reality, there is a disconnect in the organization.
I have found many organizational users frustrated with IT because their support, service and attitude has gone down hill. Really? The business went and purchased a SaaS solution to meet a business need. IT is not involved, but also does not have the ability or capability to support this solution. The SaaS solution is a cloud based solution, that means servers, storage, user accounts, application support - all done by the SaaS partner. So when the user calls the service desk saying they are having issues with their application, and the service desk has to ask them to call the SaaS provider - there is the rub. Right? The user does not want a list of 30 SaaS provider help desk numbers to call, we have trained them for years to call 1 extension number for the service desk. Now IT says we can not help them, call someone else.
In addition, I hear many times over, the finger pointing starts. The SaaS says it is the network, the IT Team says it is the SaaS, and the list goes on. The user is caught in the middle, and they don't know if it is the application, the network, their desktop, or even how they are trying to use it. Now the frustration has hit the users of the organization.
Time for some process evaluation and how the organization is going to come back together, work together and solve these new challenges. Put a stop to the SaaS shopping spree and get some process in place on how as an organization you are going to support these new applications, how will they integrate into the environment, and remain secure. Many of these application need data from other sources internal to the organization or will provide data to other systems internal. That upstream and downstream integration into your data flows is key. In addition, figure out user provisioning, data leak prevention, and most important - user interaction. Help the users, if you can't answer the question, have a integrated service desk incident management system with your provider to open tickets on behalf of the user.
There are many organizational benefits to having great applications, including SaaS offerings. It is equally important to have these offerings integrated into the organziation as to minimize the impact to your user community. There is no room in today's tough business climate to have walls internal to the organization.
Keep it positive!
Scott Arnett
scott.arnett@charter.net
Wednesday, February 1, 2012
Architecture in IT - Best Deal?
IT organizations struggling to keep up with technology changes, business changes, and expectations have taken a step back to say "What can we do different? " You see, the struggle is to have your staff deal with day to day operations, yet keep up with all these other forces - not to mention project work.
That is where many CIO's have split IT Operations into different focus teams, and that my friend is where Architecture comes into the organization. Let the IT Delivery Team focus on Operations, and let the Architecture Team focus on new technology, business capability demands, and excellence. There is a 3rd leg to this IT stool - and that is Security. Security should not be part of operations, nor should it be part of Architecture. The Director of Security in most organizations should report direct to the CIO. Now, before anyone is jumping off their chair, there are organizational needs that would dictate the Security Team reports up through Audit, Legal or CFO. It would be a organizational need or regulatory requirement. In most organizations, the CIO can oversee the Security Team.
So, in my opinion the Architecture team is a great deal, and brings strategy, direction, and alignment to the business for the IT Organization. Having your delivery team focused on Operational Excellence is a great deal as well. It will be equally important that the management leaders from these 2 teams stay connected, engaged and meeting on a regular basis. To many times I have seen them start to pull apart and go in different directions, down to where the delivery team starts to hire their own architecture staff. This can't turn into 2 different IT departments, it is 1 department with 2 focused teams. The CTO or CIO will need to ensure they work together and have regular meetings. In some organizations, this turns into staff career paths and opportunities to grow. Which is a good thing all the way around.
I have a few request to talk about the financial impacts of these organizational changes. I will do that soon. Till then -
Keep it positive!
Scott Arnett
scott.arnett@charter.net
That is where many CIO's have split IT Operations into different focus teams, and that my friend is where Architecture comes into the organization. Let the IT Delivery Team focus on Operations, and let the Architecture Team focus on new technology, business capability demands, and excellence. There is a 3rd leg to this IT stool - and that is Security. Security should not be part of operations, nor should it be part of Architecture. The Director of Security in most organizations should report direct to the CIO. Now, before anyone is jumping off their chair, there are organizational needs that would dictate the Security Team reports up through Audit, Legal or CFO. It would be a organizational need or regulatory requirement. In most organizations, the CIO can oversee the Security Team.
So, in my opinion the Architecture team is a great deal, and brings strategy, direction, and alignment to the business for the IT Organization. Having your delivery team focused on Operational Excellence is a great deal as well. It will be equally important that the management leaders from these 2 teams stay connected, engaged and meeting on a regular basis. To many times I have seen them start to pull apart and go in different directions, down to where the delivery team starts to hire their own architecture staff. This can't turn into 2 different IT departments, it is 1 department with 2 focused teams. The CTO or CIO will need to ensure they work together and have regular meetings. In some organizations, this turns into staff career paths and opportunities to grow. Which is a good thing all the way around.
I have a few request to talk about the financial impacts of these organizational changes. I will do that soon. Till then -
Keep it positive!
Scott Arnett
scott.arnett@charter.net
Tuesday, January 31, 2012
IT Operations - Need ITSM?
I had an interesting discussion with several colleagues, many followers on this blog in fact. IT Operations today is much different that in the past. The IT organization is in the process of transition, and it is more important today to follow a best practice framework - like ITSM more than ever. There are many drivers to this change, one big one is Cloud. I find many IT organizations going toward a consultant service based model. You have infrastructure teams in place that still deliver the core, but the application/project teams really becoming consultants to the business. The business doesn't have to shop technology internal anymore, there are many options for them to look at these days.
So with that in mind, the discussion really got spirited around ITSM components - like Problem Management, Change Management, Release, Configuration and Incident Management. The discussion was around if this ITSM framework overhead or benefit? Process to improve, deliver reliability, performance, agility and business value is always a benefit. So what about Root Cause Analysis - a key component to problem management - where does that fit in the big picture?
Some organizations have really developed and become efficient in Root Cause Analysis. The individuals in this friendly debate had many opinions, and suggestions on the value of this process. My opinion has always been to improve operations, you need to find the root cause of the failure to prevent a repeat. Right? The problem with Root Cause Analysis process in many organizations is that it does not go far enough. If you find the root cause, that process needs to recommend a solution, architecture needs to design the solution or approve the solution, and the operations team needs to implement. Many times the root cause process identifies the issue, impact, and potential solution, but never goes any further. That is the failure, so does the fact an organization has a Root Cause Analysis a false security blanket? Many in this little discuss felt so, and a few went so far as to say it is a waste of time and reflection on management. Interesting ......
I think it is a reflection on the maturity of the organization on some good process and practice. There has to be a champion of Operations Efficiency - or ITSM Leader. It is not going to happen overnight, but a steady growth down that path will deliver results and deliver a better IT experience to the business. Is your organization ready?
Keep it positive!
Scott Arnett
scott.arnett@charter.net
So with that in mind, the discussion really got spirited around ITSM components - like Problem Management, Change Management, Release, Configuration and Incident Management. The discussion was around if this ITSM framework overhead or benefit? Process to improve, deliver reliability, performance, agility and business value is always a benefit. So what about Root Cause Analysis - a key component to problem management - where does that fit in the big picture?
Some organizations have really developed and become efficient in Root Cause Analysis. The individuals in this friendly debate had many opinions, and suggestions on the value of this process. My opinion has always been to improve operations, you need to find the root cause of the failure to prevent a repeat. Right? The problem with Root Cause Analysis process in many organizations is that it does not go far enough. If you find the root cause, that process needs to recommend a solution, architecture needs to design the solution or approve the solution, and the operations team needs to implement. Many times the root cause process identifies the issue, impact, and potential solution, but never goes any further. That is the failure, so does the fact an organization has a Root Cause Analysis a false security blanket? Many in this little discuss felt so, and a few went so far as to say it is a waste of time and reflection on management. Interesting ......
I think it is a reflection on the maturity of the organization on some good process and practice. There has to be a champion of Operations Efficiency - or ITSM Leader. It is not going to happen overnight, but a steady growth down that path will deliver results and deliver a better IT experience to the business. Is your organization ready?
Keep it positive!
Scott Arnett
scott.arnett@charter.net
Tuesday, December 13, 2011
Recovery as a Service
What? Another cloud acronym? RaaS? Sure looks like it, Recovery as a Service. Remember the Sunguard and IBM contracts you haggle over each year? Well now you can buy that recovery service in the cloud. So is that a good thing?
There are many reasons you engage a recovery partner, and many options you may need in the event of a disaster. How can a cloud service provide a temp physical location? Will they help setup a temporary internet connection for you? What should I worry about you may ask…..
Keep in mind that cloud services are a multi tenancy solution, that is oversubscribed and at the mercy of your available bandwidth. In addition, there currently is no option to bridge between multiple cloud providers. There is also a challenge when it comes to testing / scheduling access to your virtual hardware.
One more important point to make is around regulatory compliance, regardless if that is PCI, SOX or HIPAA. You are still responsible for maintaining your security, DR plans, and compliance. You cannot pass your obligations off to your cloud provider. I would recommend putting into your contract that ability for your auditors to audit the cloud provider. Do not rely on just a SAS 70 Type II audit document given to you by the provider. It is helpful information but not sufficient enough. Your auditor needs to test the environment, controls, and so forth.
RaaS truly is for small environments, and not a solution for large enterprises. It can be used for test or development environments, but in limited capacity. The key to utilizing a Recovery as a Service solution is getting an internet connection restored and your users access to that data or applications. If you have limited bandwidth now, it will be 30 to 45 days for new circuits to address the bandwidth constraint to make RaaS a viable solution.
Keep it positive!
Scott Arnett
There are many reasons you engage a recovery partner, and many options you may need in the event of a disaster. How can a cloud service provide a temp physical location? Will they help setup a temporary internet connection for you? What should I worry about you may ask…..
Keep in mind that cloud services are a multi tenancy solution, that is oversubscribed and at the mercy of your available bandwidth. In addition, there currently is no option to bridge between multiple cloud providers. There is also a challenge when it comes to testing / scheduling access to your virtual hardware.
One more important point to make is around regulatory compliance, regardless if that is PCI, SOX or HIPAA. You are still responsible for maintaining your security, DR plans, and compliance. You cannot pass your obligations off to your cloud provider. I would recommend putting into your contract that ability for your auditors to audit the cloud provider. Do not rely on just a SAS 70 Type II audit document given to you by the provider. It is helpful information but not sufficient enough. Your auditor needs to test the environment, controls, and so forth.
RaaS truly is for small environments, and not a solution for large enterprises. It can be used for test or development environments, but in limited capacity. The key to utilizing a Recovery as a Service solution is getting an internet connection restored and your users access to that data or applications. If you have limited bandwidth now, it will be 30 to 45 days for new circuits to address the bandwidth constraint to make RaaS a viable solution.
Keep it positive!
Scott Arnett
Monday, December 12, 2011
Build, Rent, or Cloud Services?
I had a colleague call me a few weeks ago and was seeking advice on a data center strategy. Their data center is 25 years old, the environmental controls need replacement, they need space – do I think they should remodel and expand. We talked for a few hours to get more information on the current state, desired state and future state. During the conversation it became very clear that there is confusion between co-location options, Cloud Services (SaaS, IaaS, etc) and internal options.
My colleague said that there is confusion out there and I should put this out on my blog as others may be asking the same questions. I was more than happy to oblige, with one condition – that they read some of my cloud posts. So we have a deal, and here we go.
My first recommendation to my colleague was to perform an assessment of what they have today. This assessment should include the facilities, but also, networks, servers, storage, tools, applications, access options, capacity, and disaster recovery. Once we have that completed assessment, a picture of what we have in place today, let’s identify today’s pain points. This quickly revealed that it truly is a facility issue that is putting constraints on the operations, and the ability to deliver capability to the business.
To remodel a production data center online is almost impossible. I have done it once in my career, but it comes with high risk, and many challenges. In addition, to make that investment of building a new data center and make the TCO financially sustainable, you have a great deal of homework ahead of you.
So to make sure we are all on the same page, my definition of a co-location is taking your operations and renting space from Joe’s Data Center and putting it on their floor. You pay to rent the floor space that includes power, cooling, and network / internet connectivity. It is your servers, storage, equipment. You still maintain your process(s), procedure, operations, monitoring and break/fix. A hosted solution is just moving your application(s) and data to their data center on their servers/storage and you maintain the application, they maintain the infrastructure. Cloud based services is renting an application or called Software as a Service (SaaS) or renting some storage for DR or called Infrastructure as a Service.
There are benefits to each scenario and you have to look at the cost(s), risk(s) and operations. In addition, your disaster recovery plan. Going to an option that takes your mission critical infrastructure and applications off premise comes with risk. You have to take into account carrier performance, geographic risks, power grids, and so forth. If your corporate office or key production facility just lost internet connection, they no longer have access to applications or infrastructure – what impact does that have on the business? Do you have redundant circuits between different carriers? Are the different carriers all renting space on the same fiber that was just cut? Do you have redundant power grid supply lines – from different substations? You now have all these factors to consider as your data center is miles away from all your users and many things out of your control. Here is a diagram I found in some of my archives:
This diagram shows connectivity to the primary data center from multiple facilities with point to point connections. There is new technology out there to utilize and investigate, such as MPLS. You can also push down to the client to determine which data center to connect to. There are some great load balance solutions out there now. One I greatly recommend is from A10 networks. Check them out, there are some real advantages to their solutions. One more comment on the MPLS network option is that you can push your security to the MPLS cloud and have your firewalls, IDS, DLP all sitting in that cloud to protect the entire private MPLS cloud you installed. I would keep your data center to data center sync line direct Point to Point. Just my preference. The main point here is don’t forget the DR portion of your planning. Very key!
The other question was, should I just push everything to the cloud now and be done with it? So given the information they shared, I don’t think you can push your entire data center to the cloud. Things like email, and even your voice services can go to the cloud. But your mission critical systems – can you really get them into a Cloud offering and deliver at or above your current operation? Probably not. What about your corporate data, is the organization comfortable with that data sitting in a multi tenancy environment out of your control? Probably not. So look for the quick wins and easy decisions to make to get some of that out of your data center today. This will help take the load off your aging environmental components while you determine your course of action.
Some of the feedback I get is to just say “if it was you, what would you do….”. I have tried to not do that, but I know folks are interested in my opinion. Given what I know from my colleague, I would build a new data center on premise, that is much smaller than what you have today, and that brings much needed automation, and process improvement. I would place your MDF in that new data center, your key infrastructure components, and mission critical applications. I would turn your email, video conference, voice services, and SharePoint into SaaS solutions. I would also drive virtualization – nothing moves from old data center to new data center without a new plan. New virtualization plans for server, storage, and desktop. I would develop a hybrid cloud solution and look for some appliance solutions for the integration to your external cloud solution. I would look for a storage IaaS solution for your archive data – encrypted of course. I would also build your MPLS WAN for all site connections and put your security in the cloud as a service. Let the security experts do that for you.
This accomplishes a few things, 1) you remove the risk of a facility failure, 2) you take the load off your limited staff and let them focus on mission critical components, 3) you start the cloud journey small and grow into it as it makes sense, 4) you are now in a position to deliver a more successful DR plan to the organization, 5) you will drive down cost(s) with your new facility with the new technology and new approach.
I am not opposed to co-location solutions, I just have found the TCO for that solution hard to sell. You add up all your cost(s), risk(s), risk avoidance, and operational changes, and you can no longer afford it.
Keep it positive!
Scott Arnett
scott.arnett@charter.net
My colleague said that there is confusion out there and I should put this out on my blog as others may be asking the same questions. I was more than happy to oblige, with one condition – that they read some of my cloud posts. So we have a deal, and here we go.
My first recommendation to my colleague was to perform an assessment of what they have today. This assessment should include the facilities, but also, networks, servers, storage, tools, applications, access options, capacity, and disaster recovery. Once we have that completed assessment, a picture of what we have in place today, let’s identify today’s pain points. This quickly revealed that it truly is a facility issue that is putting constraints on the operations, and the ability to deliver capability to the business.
To remodel a production data center online is almost impossible. I have done it once in my career, but it comes with high risk, and many challenges. In addition, to make that investment of building a new data center and make the TCO financially sustainable, you have a great deal of homework ahead of you.
So to make sure we are all on the same page, my definition of a co-location is taking your operations and renting space from Joe’s Data Center and putting it on their floor. You pay to rent the floor space that includes power, cooling, and network / internet connectivity. It is your servers, storage, equipment. You still maintain your process(s), procedure, operations, monitoring and break/fix. A hosted solution is just moving your application(s) and data to their data center on their servers/storage and you maintain the application, they maintain the infrastructure. Cloud based services is renting an application or called Software as a Service (SaaS) or renting some storage for DR or called Infrastructure as a Service.
There are benefits to each scenario and you have to look at the cost(s), risk(s) and operations. In addition, your disaster recovery plan. Going to an option that takes your mission critical infrastructure and applications off premise comes with risk. You have to take into account carrier performance, geographic risks, power grids, and so forth. If your corporate office or key production facility just lost internet connection, they no longer have access to applications or infrastructure – what impact does that have on the business? Do you have redundant circuits between different carriers? Are the different carriers all renting space on the same fiber that was just cut? Do you have redundant power grid supply lines – from different substations? You now have all these factors to consider as your data center is miles away from all your users and many things out of your control. Here is a diagram I found in some of my archives:
The other question was, should I just push everything to the cloud now and be done with it? So given the information they shared, I don’t think you can push your entire data center to the cloud. Things like email, and even your voice services can go to the cloud. But your mission critical systems – can you really get them into a Cloud offering and deliver at or above your current operation? Probably not. What about your corporate data, is the organization comfortable with that data sitting in a multi tenancy environment out of your control? Probably not. So look for the quick wins and easy decisions to make to get some of that out of your data center today. This will help take the load off your aging environmental components while you determine your course of action.
Some of the feedback I get is to just say “if it was you, what would you do….”. I have tried to not do that, but I know folks are interested in my opinion. Given what I know from my colleague, I would build a new data center on premise, that is much smaller than what you have today, and that brings much needed automation, and process improvement. I would place your MDF in that new data center, your key infrastructure components, and mission critical applications. I would turn your email, video conference, voice services, and SharePoint into SaaS solutions. I would also drive virtualization – nothing moves from old data center to new data center without a new plan. New virtualization plans for server, storage, and desktop. I would develop a hybrid cloud solution and look for some appliance solutions for the integration to your external cloud solution. I would look for a storage IaaS solution for your archive data – encrypted of course. I would also build your MPLS WAN for all site connections and put your security in the cloud as a service. Let the security experts do that for you.
This accomplishes a few things, 1) you remove the risk of a facility failure, 2) you take the load off your limited staff and let them focus on mission critical components, 3) you start the cloud journey small and grow into it as it makes sense, 4) you are now in a position to deliver a more successful DR plan to the organization, 5) you will drive down cost(s) with your new facility with the new technology and new approach.
I am not opposed to co-location solutions, I just have found the TCO for that solution hard to sell. You add up all your cost(s), risk(s), risk avoidance, and operational changes, and you can no longer afford it.
Keep it positive!
Scott Arnett
scott.arnett@charter.net
Subscribe to:
Posts (Atom)